<%!

/**********************************************************************
**
**     SAP AG Walldorf
**     (C) Copyright SAP AG 1999-2010
**
***********************************************************************/

#include "publicincl/tools.inc"

/*
 * Request record handed to __icm_execute() for the add, change, delete,
 * lock and unlock operations on this page.
 */
struct icm_change_user_type
{
  string auth_file;   /* authentication file the operation applies to */
  string user;        /* user name; always assigned through anumenc() on this page */
  string group;       /* group name; assigned through anumenc() */
  string cert;        /* client certificate data; stored exactly as submitted */
  string passwd;      /* add_user: the new password; do_change_user: the old password */
  string passwd_new;  /* do_change_user: the new password; "" for add_user */
};

/*
 * Status record filled by __icm_adm_hdl(). This page reads only auth_file
 * from it (when afile is "admin"); the meaning of the other fields is not
 * visible in this file.
 */
struct icm_adm_status_type
{
  string auth_file;   /* copied into icm_user.auth_file */
  string host;
  string hostaddr;
  string rhost;
  string rhostaddr;
  int port;
};

/*
 * Status record filled by __icm_auth_hdl() for the handler selected by
 * hdlsel. This page reads only auth_file from it; the other fields are not
 * used here.
 */
struct icm_auth_status_type
{  
  boolean active;
  string perm_file;
  string auth_file;   /* copied into icm_user.auth_file */
  string filt_profile;
  string filt_pattern;
};

/*
 * Validate the input of the add-user and change-user forms.
 *
 *   user, group            values as the caller will store them
 *   user_orig, group_orig  values they are compared against; the callers use
 *                          this to detect characters changed by anumenc()
 *   pw1, pw2               new password and its confirmation
 *
 * Returns 0 when every check passes, otherwise the code of the first
 * failing check, tested in this order:
 *   -257  user is empty
 *   -256  pw1 and pw2 differ
 *   -258  pw1 is shorter than 5 characters (the values "" and "x" are exempt)
 *   -260  user differs from user_orig
 *   -261  group differs from group_orig
 *   -262  pw1 contains one of the characters < > & "
 *
 * NOTE(review): the user list on this page shows "none" for a stored
 * password of "x", so accepting pw1 == "x" here presumably lets the form
 * clear a password - confirm that this is intended. The 5-character
 * minimum is the only strength rule applied.
 */
static int checkinput (string user, string group, string pw1, string user_orig, string group_orig, string pw2)
{
  /* A user name is mandatory. */
  if (user == "") {
    return (-257);
  }

  /* Password and confirmation must match. */
  if (pw1 != pw2) {
    return (-256);
  }

  /* Minimum length applies only to a real password, not to "" or "x". */
  if ((pw1 != "") && (pw1 != "x") && (strlen (pw1) < 5)) {
    return (-258);
  }

  /* The stored names must equal the reference values. */
  if (user != user_orig) {
    return (-260);
  }
  if (group != group_orig) {
    return (-261);
  }

  /* Reject HTML metacharacters in the password. */
  if (strstr(pw1,"<")!="" || strstr(pw1,">")!="" ||
      strstr(pw1,"&")!="" || strstr(pw1,"\"")!="") {
    return (-262);
  }

  return (0);
}
%>

<%
  /* Page state: request parameters, the selected row and the result of the
     requested operation. */
  int user_count;
  int nr, rc, row;
  string what, hdlsel, browser, fld, is_checked, opstr,op;
  string user, passwd, afile;
  boolean is_admin;
  string token;
  string msg;
  string icon;


  /* struct icm_user_type is not declared in this file; presumably it comes
     from publicincl/tools.inc. */
  struct icm_user_type icm_user_info[];
  struct icm_change_user_type icm_user;

  struct icm_adm_status_type icm_adm_status;
  struct icm_auth_status_type icm_auth_status;

  /* In this file is_admin only decides whether the Edit/Add/Delete/Lock/
     Unlock links are drawn. The branches that request a token or call
     __icm_execute do not test it.
     NOTE(review): authorization therefore rests on __icm_execute and its
     token (rc -13 is reported as "Permission denied") - confirm. */
  is_admin = __icm_get_system_property ("is_admin");
  /* browser is written into a stylesheet URL in the page head.
     NOTE(review): presumably a fixed token per browser family - confirm it
     can never carry raw request header text. */
  browser = __icm_get_browser_type();
  /* what, hdlsel and afile are passed through anumenc() and later written
     into HTML attributes and links without further encoding, so their
     safety depends on what anumenc() lets through (not visible here). */
  what = anumenc(__icm_get_form_field ("what"));
  hdlsel = anumenc(__icm_get_form_field ("hdlsel"));
  afile = anumenc(__icm_get_form_field ("afile"));
  /* Resolve the authentication file: the administration handler for
     afile == "admin", otherwise the handler selected by hdlsel.
     NOTE(review): neither form on this page has a hidden hdlsel field, so a
     POST with afile other than "admin" resolves the file with an empty
     hdlsel - confirm __icm_auth_hdl then selects the intended handler. */
  if (afile == "admin") {
    __icm_adm_hdl (1, icm_adm_status);
    icm_user.auth_file = icm_adm_status.auth_file;
  }
  else {
    __icm_auth_hdl (1, hdlsel, icm_auth_status);
    icm_user.auth_file = icm_auth_status.auth_file;
  }

  /* Selected table row; string-to-int assignment. The value is range
     checked only in the del_user / lock_user / unlock_user branch. */
  fld = anumenc(__icm_get_form_field ("row_selected"));
  if (fld == "")
    row = 0;
  else
    row = fld;
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <link rel=stylesheet type="text/css" href="../public/css/controls_<%=browser%>.css">
    <link rel=stylesheet type="text/css" href="../public/css/sapbsp.css">
    <title>User administration</title>
    <script language="JavaScript" type="text/javascript">
      <!--
      // Fill the hidden "what" and "token" fields of the form named by
      // `form` and submit it. The action links on this page post through
      // this helper.
      function callSubmitAction(form,value,token)
      {
        var target = document[form];
        target.what.value = value;
        target.token.value = token;
        target.submit();
      }
      -->
    </script>
  </head>

  <body class="sapBdy">
<%
   /* add_user: create a new entry in icm_user.auth_file from the posted form. */
   if (what == "add_user") {
     /* user and group are stored in their anumenc() form; the raw fields are
        read again below so checkinput can report a difference as -260 / -261. */
     icm_user.user = anumenc(__icm_get_form_field ("user"));
     icm_user.group = anumenc(__icm_get_form_field ("group"));
     /* NOTE(review): cert is taken as submitted - it is neither passed through
        anumenc() nor checked by checkinput. Whatever prints this field later
        has to HTML-encode it (htmlenc), unless __icm_execute filters it -
        confirm. */
     icm_user.cert = __icm_get_form_field ("cert");
     /* The meaning of the second argument (1) is not visible in this file. */
     icm_user.passwd = __icm_get_form_field ("passwd_new1",1);
     icm_user.passwd_new = "";

     /* Token posted with the form; the add form obtains it from
        __icm_get_token(11), the same operation code used below. */
     token = __icm_get_form_field ("token");

     /* checkinput accepts an empty password, so a new user without one is
        rejected here with the "too short" code. */
     if (icm_user.passwd == "")
	rc = -258;
     else
	rc = checkinput (icm_user.user, icm_user.group, icm_user.passwd,
			__icm_get_form_field ("user"), 
			__icm_get_form_field ("group"), 
			__icm_get_form_field ("passwd_new2",1));
     /* Operation 11 (add) runs only after validation succeeded. */
     if (rc == 0)
       rc = __icm_execute (11, icm_user, token);

    /* Map the result code to the message and icon shown in the result box.
       -256 .. -262 are the checkinput codes, -11 is reported as a session
       timeout, anything else falls through to the generic error text. */
    if (rc == 0)
    {
	msg = "User successfully created. Changes will become active in the next 30 seconds.";
	icon = "s_m_info.gif";
    }
    else if (rc == -256)
    {
	msg = "Specified passwords are different";
	icon = "s_m_warn.gif";
    }
    else if (rc == -257)
    {
	msg = "No user name specified";
	icon = "s_m_warn.gif";
    }
    else if (rc == -258)
    {
	msg = "Password is too short (should be at least 5 chars)";
	icon = "s_m_warn.gif";
    }
    else if (rc == -259)
    {
	msg = "Old and new passwords are identical";
	icon = "s_m_warn.gif";
    }
    else if (rc == -260)
    {
	msg = "User name contains invalid characters. Use characters from the set [a-zA-Z0-9_-]";
	icon = "s_m_warn.gif";
    }
    else if (rc == -261)
    {
	msg = "Group name contains invalid characters. Use characters from the set [a-zA-Z0-9_-]";
	icon = "s_m_warn.gif";
    }
    else if (rc == -262)
    {
	/* This text contains literal HTML metacharacters. */
	msg = "Password contains invalid characters. The following characters are not allowed: <>&\"";
	icon = "s_m_warn.gif";
    }
    else if (rc == -11) 
    {
	msg = "Session timeout. Please retry operation.";
	icon = "s_m_warn.gif";
    }
    else
    {
	msg = "User could not be created: " +  __icm_get_error_text(rc) + " (rc=" + rc + ")";
	icon = "s_m_erro.gif";
    }
%>

      <table border="0" cellspacing="0" cellpadding="0" class="sapTbvAlt" width="50%">
	<tr>
	  <td class="sapTbvCellAlt" Colspan="1" align="center">
	    <img src="../public/icons/<%=icon%>">
	  </td>
	  <td class="sapTbvCellAlt" Colspan="2" align="center">
	    <b><i>Information</i></b>
	  </td>
	  <td class="sapTbvCellAlt" Colspan="1" align="center">
	    <img src="../public/icons/<%=icon%>">
	  </td>
	</tr>
	<tr>
	  <td class="sapTbvCellStd" Colspan="4"></td>
	</tr>
	<tr>
	  <td class="sapTbvCellStd" Colspan="4"></td>
	</tr>
	<tr>
	  <td class="sapTbvCellStd" Colspan="4" align="center">
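	    <% /* msg can hold the literal characters < > & " (result code -262)
	          and the text of __icm_get_error_text, so it is HTML-encoded. */ %>
	    <b><i><%=htmlenc(msg)%></i></b>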
	  </td>
	</tr>
	<tr><td class="sapTbvCellStd" Colspan="4"></td></tr>
	<tr><td class="sapTbvCellStd" Colspan="4"></td></tr>

	<tr>
	  <td class="sapTbvCellStd" Colspan="4" align="center">
	    <a href="./user_admin.icp?afile=<%=afile%>&hdlsel=<%=hdlsel%>" class="sapBtnStd"><nobr>Back</nobr></a>
	  </td>
	</tr>
      </table><p>
<%
   }
   /* Confirmed state-changing requests: change (13), lock (22), unlock (23)
      and delete (12). Each passes the posted token to __icm_execute. */
   else if ((what == "do_change_user") || (what == "do_del_user") || (what == "do_lock_user") || (what == "do_unlock_user")) {
     /* NOTE(review): the target user is the anumenc() form of the posted
        name and is not compared with the raw value in any of these four
        operations. If anumenc() drops or rewrites characters, a posted name
        could resolve to a different existing user - confirm how anumenc()
        and __icm_execute treat such names. */
     user = anumenc(__icm_get_form_field ("user"));
     icm_user.user = user;

     token = __icm_get_form_field ("token");

     if (what == "do_change_user") {
       /* passwd is the old password, passwd_new the new one. The second
          argument (1) of __icm_get_form_field is not explained in this file. */
       icm_user.passwd = __icm_get_form_field ("passwd",1);
       icm_user.passwd_new = __icm_get_form_field ("passwd_new1",1);
       icm_user.group = anumenc(__icm_get_form_field ("group"));
       /* NOTE(review): cert is stored as submitted, without anumenc() or any
          check; code that prints it has to HTML-encode it. */
       icm_user.cert = __icm_get_form_field ("cert");

       opstr = "changed";
       /* icm_user.user is passed as both user and user_orig, so the -260
          check cannot fire in this branch; only the group is compared with
          its raw form value. */
       rc = checkinput (icm_user.user, icm_user.group, icm_user.passwd_new,
			icm_user.user,
			__icm_get_form_field ("group"),
			__icm_get_form_field ("passwd_new2",1));
       /* The else below is meant to pair with the inner if (see the
          indentation): after a successful check, identical old and new
          passwords yield -259, otherwise operation 13 is executed. */
       if (rc == 0)
	 if ((icm_user.passwd != "") && (icm_user.passwd == icm_user.passwd_new))
	   rc = -259;
	 else
           rc = __icm_execute (13, icm_user, token);
     } else if (what == "do_lock_user") {
       opstr = "locked";
       rc = __icm_execute (22, icm_user, token);
     } else if (what == "do_unlock_user") {
       opstr = "unlocked";
       rc = __icm_execute (23, icm_user, token);
     } else {
       /* Remaining case of the enclosing condition: do_del_user. */
       opstr = "deleted";
       rc = __icm_execute (12, icm_user, token);
     }

    /* Map the result code to the message and icon of the result box.
       -256 .. -262 come from checkinput or the -259 test above; -11 and -13
       are reported as session timeout and permission denied. */
    if (rc == 0)
    {
	msg = "User successfully " + opstr + ". Changes will become active in the next 30 seconds.";
	icon = "s_m_info.gif";
    }
    else if (rc == -256)
    {
	msg = "Specified passwords are different";
	icon = "s_m_warn.gif";
    }
    else if (rc == -257)
    {
	msg = "No user name specified";
	icon = "s_m_warn.gif";
    }
    else if (rc == -258)
    {
	msg = "New password is too short (should be at least 5 chars)";
	icon = "s_m_warn.gif";
    }
    else if (rc == -259)
    {
	msg = "Old and new passwords are identical";
	icon = "s_m_warn.gif";
    }
    else if (rc == -260)
    {
	msg = "User name contains invalid characters. Use characters from the set [a-zA-Z0-9_-]";
	icon = "s_m_warn.gif";
    }
    else if (rc == -261)
    {
	msg = "Group name contains invalid characters. Use characters from the set [a-zA-Z0-9_-]";
	icon = "s_m_warn.gif";
    }
    else if (rc == -262)
    {
	/* This text contains literal HTML metacharacters. */
	msg = "Password contains invalid characters. The following characters are not allowed: <>&\"";
	icon = "s_m_warn.gif";
    }
    else if (rc == -11) 
    {
	msg = "Session timeout. Please retry operation.";
	icon = "s_m_warn.gif";
    }
    else if (rc == -13) 
    {
	msg = "Permission denied.";
	icon = "s_m_warn.gif";
    }
    else
    {
	msg = "User could not be " + opstr + ": " +  __icm_get_error_text(rc) + "(" + rc + ")";
	icon = "s_m_erro.gif";
    }
%>

      <table border="0" cellspacing="0" cellpadding="0" class="sapTbvAlt" width="50%">
	<tr>
	  <td class="sapTbvCellAlt" Colspan="1" align="center">
	    <img src="../public/icons/<%=icon%>">
	  </td>
	  <td class="sapTbvCellAlt" Colspan="2" align="center">
	    <b><i>Information</i></b>
	  </td>
	  <td class="sapTbvCellAlt" Colspan="1" align="center">
	    <img src="../public/icons/<%=icon%>">
	  </td>
	</tr>
	<tr>
	  <td class="sapTbvCellStd" Colspan="4"></td>
	</tr>
	<tr>
	  <td class="sapTbvCellStd" Colspan="4"></td>
	</tr>
	<tr>
	  <td class="sapTbvCellStd" Colspan="4" align="center">
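	    <% /* msg can hold the literal characters < > & " (result code -262)
	          and the text of __icm_get_error_text, so it is HTML-encoded. */ %>
	    <b><i><%=htmlenc(msg)%></i></b>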
	  </td>
	</tr>
	<tr><td class="sapTbvCellStd" Colspan="4"></td></tr>
	<tr><td class="sapTbvCellStd" Colspan="4"></td></tr>
	<tr>
	  <td class="sapTbvCellStd" Colspan="4" align="center">
	    <a href="./user_admin.icp?afile=<%=afile%>&hdlsel=<%=hdlsel%>" class="sapBtnStd"><nobr>Back</nobr></a>
	  </td>
	</tr>
      </table><p>
<%
   }
   /* Confirmation step for delete, lock and unlock: look up the selected
      user and obtain a token for the operation that the "Yes" link will
      request. */
   else if ((what == "del_user") || (what == "lock_user") || (what == "unlock_user")) {
     user_count = __icm_get_user_info(icm_user.auth_file, icm_user_info);
     /* An out-of-range selection falls back to the first row.
        NOTE(review): when user_count is 0 the index 0 below is still outside
        the list - confirm what icm_user_info[0] yields in that case. */
     if ((row < 0) || (row >= user_count))
	row = 0;
     /* The name comes from the authentication file, not from the request. */
     user = icm_user_info[row].user;
     /* The token is requested for the same operation code that the do_...
        branch passes to __icm_execute (12 delete, 22 lock, 23 unlock).
        NOTE(review): is_admin is not tested before the token is issued -
        confirm that __icm_get_token or __icm_execute enforces the
        permission. */
     if (what == "del_user") { 
	opstr = "delete";op="do_del_user"; 
	token = __icm_get_token(12);
     }
     else if (what == "lock_user") { 
	opstr = "lock";op="do_lock_user"; 
	token = __icm_get_token(22);
     }
     else { 
	opstr = "unlock";op="do_unlock_user"; 
	token = __icm_get_token(23);
     }

%>
   <form action="" name="exeForm" method="POST">
    <input type="hidden" name="what" value="">
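    <% /* user is read from the authentication file; encode it for the
          attribute, as the confirmation text in this form already does.
          Assumes htmlenc also encodes the double quote - confirm. */ %>
    <input type="hidden" name="user" value="<%=htmlenc(user)%>">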
    <input type="hidden" name="afile" value="<%=afile%>">
    <input type="hidden" name="token" value="">
      <table border="0" cellspacing="0" cellpadding="0" class="sapTbvAlt" width="50%">
	<tr>
	  <td class="sapTbvCellAlt" Colspan="1" align="center">
	    <img src="../public/icons/s_m_crit.gif">
	  </td>
	  <td class="sapTbvCellAlt" Colspan="2" align="center">
	    <b><i>Confirm operation</i></b>
	  </td>
	  <td class="sapTbvCellAlt" Colspan="1" align="center">
	    <img src="../public/icons/s_m_crit.gif">
	  </td>
	</tr>
	<tr>
	  <td class="sapTbvCellStd" Colspan="4"></td>
	</tr>
	<tr>
	  <td class="sapTbvCellStd" Colspan="4"></td>
	</tr>
	<tr>
	  <td class="sapTbvCellStd" Colspan="4" align="center">
	    <b><i>Do you really want to <%=opstr%> the user <%=htmlenc(user)%> ?</i></b>
	  </td>
	</tr>
	<tr>
	  <td class="sapTbvCellStd" Colspan="4"></td>
	</tr>
	<tr>
	  <td class="sapTbvCellStd" Colspan="4"></td>
	</tr>

	<tr>
	  <td class="sapTbvCellStd" Colspan="1"></td>
	  <td class="sapTbvCellStd" Colspan="1" align="center">
	    <a href="javascript:callSubmitAction('exeForm', '<%=op%>', '<%=token%>')" class="sapBtnStd">
	      <nobr>Yes</nobr></a>
	  </td>
	  <td class="sapTbvCellStd" Colspan="1" align="center">
	    <a href="javascript:callSubmitAction('exeForm','','')" class="sapBtnEmph">
		<nobr>No</nobr></a>
	  </td>
	  <td class="sapTbvCellStd" Colspan="1"></td>
	</tr>
      </table><p>
   </form>
<%
   }
   else
   {
     user_count = __icm_get_user_info(icm_user.auth_file, icm_user_info);
%>

   <form action="" name="userForm" method="POST">
    <input type="hidden" name="what" value="">
    <input type="hidden" name="afile" value="<%=afile%>">
    <input type="hidden" name="token" value="">
    <table border=0 cellspacing=1 cellpadding=0 class="sapTbvAlt" width="100%">
      <tr>
        <td class="sapTbvCellAlt" Colspan=6>
          <b><i>Users in file "<%=icm_user.auth_file%>"</i></b>
        </td>
      </tr>
      <tr>
        <td class="sapTbvCellAlt">
          <i>&nbsp;</i>
        </td>
        <td class="sapTbvCellAlt">
          <i>Name</i>
        </td>
        <td class="sapTbvCellAlt">
          <i>Group</i>
        </td>
        <td class="sapTbvCellAlt" width="500">
          <i>Client Certificate Data</i>
        </td>
        <td class="sapTbvCellAlt" width="80">
          <i>Password</i>
        </td>
        <td class="sapTbvCellAlt" width="50">
          <i>Attributes</i>
        </td>
      </tr>
<%
	for (nr = 0; nr < user_count; nr++) {
	  if (icm_user_info[nr].passwd != "x") passwd = "set";
	  else passwd = "none";
	  if ((what == "change_user") && (nr == row)) {
%>

      <tr>
	<td class="sapTbvCellStd" nowrap align=left>
          <input type="radio" name="row_selected" value="9999" checked >
	</td>
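        <% /* Values read back from the authentication file are HTML-encoded
              before they are placed in value attributes. cert in particular
              is stored by this page without any character filtering.
              Assumes htmlenc also encodes the double quote - confirm. */ %>
        <td class="sapTbvCellStd" width=200>
	  <input type="text" class="sapEdfTxtDsbl" name="user"
            value="<%=htmlenc(icm_user_info[nr].user)%>" size="25" maxlength="50">
        </td>
        <td class="sapTbvCellStd">
	  <input type="text" class="sapEdfTxtEnbl" name="group"
            value="<%=htmlenc(icm_user_info[nr].group)%>" size="25" maxlength="50">
        </td>
        <td class="sapTbvCellStd">
	  <input type="text" class="sapEdfTxtEnbl" name="cert"
            value="<%=htmlenc(icm_user_info[nr].cert)%>" size="25" maxlength="128">
        </td>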
        <td class="sapTbvCellStd">
	 <table border="0" cellspacing="0" cellpadding="0" class="sapTbvAlt" width="100%">
	  <tr>
	    <td class="sapTbvCellStd">Old Password:</td>
	    <td class="sapTbvCellStd">
		<input type="password" class="sapEdfTxtEnbl" name="passwd"
		value="" size="25" maxlength="128">
	    </td>
	  </tr>
	  <tr>
	    <td class="sapTbvCellStd">New Password:</td>
	    <td class="sapTbvCellStd">
		<input type="password" class="sapEdfTxtEnbl" name="passwd_new1"
		value="" size="25" maxlength="128">
	    </td>
	  </tr>
	  <tr>
	    <td class="sapTbvCellStd">Confirm Password:</td>
	    <td class="sapTbvCellStd">
		<input type="password" class="sapEdfTxtEnbl" name="passwd_new2"
		value="" size="25" maxlength="128">
	    </td>
	  </tr>
	 </table>
        <td class="sapTbvCellStd">
<%
          if (icm_user_info[nr].locked)
	    __output("<img src=\"../public/icons/s_s_locl.gif\" alt=\"user is locked\">");
	  else
	    __output("&nbsp;");
%>
	</td>
        </td>
      </tr>
<%
	  } else {
	    if (row == nr)
		is_checked = "checked";
	    else is_checked = "";
%>
      <tr>
	<td class="sapTbvCellStd" nowrap align=left width=2>
        <input type="radio" name="row_selected" value="<%= nr %>" <%=is_checked%>>
	</td>
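        <% /* Values read back from the authentication file are HTML-encoded
              before output. cert in particular is stored by this page
              without any character filtering. */ %>
        <td class="sapTbvCellStd"><%=htmlenc(icm_user_info[nr].user)%></td>
        <td class="sapTbvCellStd"><%=htmlenc(icm_user_info[nr].group)%></td>
        <td class="sapTbvCellStd"><%=htmlenc(icm_user_info[nr].cert)%></td>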
        <td class="sapTbvCellStd"><%=passwd%></td>
        <td class="sapTbvCellStd">
<%
          if (icm_user_info[nr].locked)
	    __output("<img src=\"../public/icons/s_s_locl.gif\" alt=\"user is locked\">");
	  else
	    __output("&nbsp;");
%>
	</td>
      </tr>
<%
	  }
	}
%>

<%
   if (what == "show_add_user") {
%>

      <tr>
	<td class="sapTbvCellStd" nowrap align=left>
          <input type="radio" name="row_selected" value="9999" checked >
	</td>
        <td class="sapTbvCellStd">
	  <input type="text" class="sapEdfTxtEnbl" name="user"
            value="" size="25" maxlength="50">
        </td>
        <td class="sapTbvCellStd">
	  <input type="text" class="sapEdfTxtEnbl" name="group"
            value="" size="25" maxlength="50">
        </td>
        <td class="sapTbvCellStd">
	  <input type="text" class="sapEdfTxtEnbl" name="cert"
            value="" size="25" maxlength="50">
        </td>
        <td class="sapTbvCellStd">
	 <table border="0" cellspacing="0" cellpadding="0" class="sapTbvAlt" width="100%">
	  <tr>
	    <td class="sapTbvCellStd">New Password:</td>
	    <td class="sapTbvCellStd">
		<input type="password" class="sapEdfTxtEnbl" name="passwd_new1"
		value="" size="25" maxlength="128">
	    </td>
	  </tr>
	  <tr>
	    <td class="sapTbvCellStd">Confirm Password:</td>
	    <td class="sapTbvCellStd">
		<input type="password" class="sapEdfTxtEnbl" name="passwd_new2"
		value="" size="25" maxlength="128">
	    </td>
	  </tr>
	 </table>
        </td>
        <td class="sapTbvCellStd">&nbsp;</td>
      </tr>
<%
   }
%>
    </table>
<%
   if (what == "show_add_user") {
     token = __icm_get_token(11);
%>
    <p>
    <a href="javascript:callSubmitAction('userForm','add_user', '<%=token%>')" class="sapBtnStd">
	<nobr>Save</nobr></a>
    <a href="javascript:callSubmitAction('userForm','','')" class="sapBtnEmph">
	<nobr>Cancel</nobr></a>
<%
   } else if (what == "change_user") {
     token = __icm_get_token(13);
%>

    <p>
    <a href="javascript:callSubmitAction('userForm','do_change_user', '<%=token%>')" class="sapBtnStd">
	<nobr>Save</nobr></a>
    <a href="javascript:callSubmitAction('userForm','','')" class="sapBtnEmph">
	<nobr>Cancel</nobr></a>
<%
   } else if (is_admin) {
%>
    <p>
    <a href="javascript:callSubmitAction('userForm', 'change_user', '')" class="sapBtnStd">
	<nobr>Edit user</nobr></a>
    <a href="javascript:callSubmitAction('userForm', 'show_add_user', '')" class="sapBtnStd">
	<nobr>Add User</nobr></a>
    <a href="javascript:callSubmitAction('userForm', 'del_user', '')" class="sapBtnStd">
	<nobr>Delete User</nobr></a>
    <a href="javascript:callSubmitAction('userForm', 'lock_user', '')" class="sapBtnStd">
	<nobr>Lock User</nobr></a>
    <a href="javascript:callSubmitAction('userForm', 'unlock_user', '')" class="sapBtnStd">
	<nobr>Unlock User</nobr></a>
<%
   }
%>
   </form>
<%
   }
%>

  </body>
</html>

